Vulnerability Description
A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated code. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Deepwisdom | Metagpt | <= 0.8.1 |
Related Weaknesses (CWE)
References
- https://github.com/FoundationAgents/MetaGPT/Product
- https://github.com/FoundationAgents/MetaGPT/issues/1928Issue TrackingExploit
- https://github.com/FoundationAgents/MetaGPT/issues/1956Issue Tracking
- https://vuldb.com/submit/791734ExploitThird Party AdvisoryVDB Entry
- https://vuldb.com/vuln/356525Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/356525/ctiPermissions RequiredVDB Entry
FAQ
What is CVE-2026-5971?
CVE-2026-5971 is a vulnerability with a CVSS score of 7.3 (HIGH). A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Exec...
How severe is CVE-2026-5971?
CVE-2026-5971 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-5971?
Check the references section above for vendor advisories and patch information. Affected products include: Deepwisdom Metagpt.